Details
-
Bug
-
Resolution: Done
-
P1: Critical
-
5.12.3, 5.13.0
-
None
-
9dce1c5b12db094cdc469d7d68eb3124f9393dc7 (qt/qtwebengine/5.12)
Description
When calling setHttpUserAgent or setHttpAcceptLanguage, I've seen various hangs, crashes and assertion failures.
Example of a hang:
#0 0x00007f9cd762d4ed in syscall () at /usr/lib/libc.so.6 #1 0x00007f9cd5494c06 in QtLinuxFutex::_q_futex(int*, int, int, unsigned long long, int*, int) (val3=0, addr2=0x0, val2=0, val=3, op=0, addr=0x5631cafade78) at thread/qfutex_p.h:105 #2 0x00007f9cd5494c06 in QtLinuxFutex::futexWait<QBasicAtomicPointer<QMutexData> >(QBasicAtomicPointer<QMutexData>&, QBasicAtomicPointer<QMutexData>::Type) (expectedValue=0x3, futex=...) at thread/qfutex_p.h:107 #3 0x00007f9cd5494c06 in lockInternal_helper<false> (timeout=-1, elapsedTimer=0x0, d_ptr=...) at thread/qmutex_linux.cpp:142 #4 0x00007f9cd5494c06 in QBasicMutex::lockInternal() (this=0x5631cafade78) at thread/qmutex_linux.cpp:159 #5 0x00007f9cd5494f14 in QBasicMutex::lock() (this=0x5631cafade78) at thread/qmutex.h:79 #6 0x00007f9cd5494f14 in QRecursiveMutexPrivate::lock(int) (this=0x5631cafade60, timeout=timeout@entry=-1) at thread/qmutex.cpp:706 #7 0x00007f9cd5494e06 in QMutex::lock() (this=this@entry=0x5631cb0d74b8) at thread/qmutex.cpp:225 #8 0x00007f9cc47c1dd5 in QMutexLocker::QMutexLocker(QBasicMutex*) (m=0x5631cb0d74b8, this=<synthetic pointer>) at /usr/include/qt/QtCore/qmutex.h:206 #9 0x00007f9cc47c1dd5 in QtWebEngineCore::ProfileIODataQt::updateUserAgent() (this=0x5631cb0d7380) at /tmp/makepkg/qt5-webengine-debug/src/qtwebengine-everywhere-src-5.12.2/src/core/profile_io_data_qt.cpp:625 #10 0x00007f9cc47bda28 in QtWebEngineCore::ProfileAdapter::setHttpUserAgent(QString const&) (this=0x5631cb1242f0, userAgent=...) at /usr/include/c++/8.2.1/bits/unique_ptr.h:342 [...]
and of a check failure (source):
[31220:31233:0319/161459.850182:FATAL:client_socket_pool_base.cc(845)] Check failed: i != group_map_.end().
and of a segfault:
Thread 13 "Chrome_IOThread" received signal SIGSEGV, Segmentation fault. [Switching to Thread 0x7fffbd7fa700 (LWP 28243)] 0x00007fffe5055c8f in Start () at ../../../../qtwebengine-everywhere-src-5.12.2/src/3rdparty/chromium/components/network_hints/browser/network_hints_message_filter.cc:46 46 ../../../../qtwebengine-everywhere-src-5.12.2/src/3rdparty/chromium/components/network_hints/browser/network_hints_message_filter.cc: No such file or directory. (gdb) bt #0 0x00007fffe5055c8f in Start () at ../../../../qtwebengine-everywhere-src-5.12.2/src/3rdparty/chromium/components/network_hints/browser/network_hints_message_filter.cc:46 #1 0x00007fffe5055c8f in network_hints::NetworkHintsMessageFilter::OnDnsPrefetch(network_hints::LookupRequest const&) () at ../../../../qtwebengine-everywhere-src-5.12.2/src/3rdparty/chromium/components/network_hints/browser/network_hints_message_filter.cc:93 #2 0x00007fffe5055e9e in base::DispatchToMethodImpl<network_hints::NetworkHintsMessageFilter*, void (network_hints::NetworkHintsMessageFilter::*)(network_hints::LookupRequest const&), std::tuple<network_hints::LookupRequest>, 0ul>(network_hints::NetworkHintsMessageFilter* const&, void (network_hints::NetworkHintsMessageFilter::*)(network_hints::LookupRequest const&), std::tuple<network_hints::LookupRequest>&&, std::integer_sequence<unsigned long, 0ul>) () at ../../../../qtwebengine-everywhere-src-5.12.2/src/3rdparty/chromium/base/tuple.h:52 #3 0x00007fffe5055e9e in base::DispatchToMethod<network_hints::NetworkHintsMessageFilter*, void (network_hints::NetworkHintsMessageFilter::*)(network_hints::LookupRequest const&), std::tuple<network_hints::LookupRequest> >(network_hints::NetworkHintsMessageFilter* const&, void (network_hints::NetworkHintsMessageFilter::*)(network_hints::LookupRequest const&), std::tuple<network_hints::LookupRequest>&&) () at ../../../../qtwebengine-everywhere-src-5.12.2/src/3rdparty/chromium/base/tuple.h:60 #4 0x00007fffe5055e9e in IPC::DispatchToMethod<network_hints::NetworkHintsMessageFilter, void (network_hints::NetworkHintsMessageFilter::*)(network_hints::LookupRequest const&), void, std::tuple<network_hints::LookupRequest> >(network_hints::NetworkHintsMessageFilter*, void (network_hints::NetworkHintsMessageFilter::*)(network_hints::LookupRequest const&), void*, std::tuple<network_hints::LookupRequest>&&) () at ../../../../qtwebengine-everywhere-src-5.12.2/src/3rdparty/chromium/ipc/ipc_message_templates.h:51 #5 0x00007fffe5055e9e in IPC::MessageT<NetworkHintsMsg_DNSPrefetch_Meta, std::tuple<network_hints::LookupRequest>, void>::Dispatch<network_hints::NetworkHintsMessageFilter, network_hints::NetworkHintsMessageFilter, void, void (network_hints::NetworkHintsMessageFilter::*)(network_hints::LookupRequest const&)>(IPC::Message const*, network_hints::NetworkHintsMessageFilter*, network_hints::NetworkHintsMessageFilter*, void*, void (network_hints::NetworkHintsMessageFilter::*)(network_hints::LookupRequest const&)) () at ../../../../qtwebengine-everywhere-src-5.12.2/src/3rdparty/chromium/ipc/ipc_message_templates.h:146 #6 0x00007fffe5055e9e in network_hints::NetworkHintsMessageFilter::OnMessageReceived(IPC::Message const&) () at ../../../../qtwebengine-everywhere-src-5.12.2/src/3rdparty/chromium/components/network_hints/browser/network_hints_message_filter.cc:80 #7 0x00007fffe5055e9e in network_hints::NetworkHintsMessageFilter::OnMessageReceived(IPC::Message const&) () at ../../../../qtwebengine-everywhere-src-5.12.2/src/3rdparty/chromium/components/network_hints/browser/network_hints_message_filter.cc:77 #8 0x00007fffe636f57f in content::BrowserMessageFilter::Internal::DispatchMessage(IPC::Message const&) () at ./../../../../qtwebengine-everywhere-src-5.12.2/src/3rdparty/chromium/content/public/browser/browser_message_filter.cc:93 #9 0x00007fffe636f57f in content::BrowserMessageFilter::Internal::OnMessageReceived(IPC::Message const&) () at ./../../../../qtwebengine-everywhere-src-5.12.2/src/3rdparty/chromium/content/public/browser/browser_message_filter.cc:73 #10 0x00007fffe713b8a5 in TryFiltersImpl() () at ../../../../qtwebengine-everywhere-src-5.12.2/src/3rdparty/chromium/ipc/message_filter_router.cc:22 #11 0x00007fffe712b8d0 in IPC::ChannelProxy::Context::TryFilters(IPC::Message const&) () at ../../../../qtwebengine-everywhere-src-5.12.2/src/3rdparty/chromium/ipc/ipc_channel_proxy.cc:86 #12 0x00007fffe712baa2 in IPC::ChannelProxy::Context::OnMessageReceived(IPC::Message const&) () at ../../../../qtwebengine-everywhere-src-5.12.2/src/3rdparty/chromium/ipc/ipc_channel_proxy.cc:121 #13 0x00007fffe7129110 in IPC::ChannelMojo::OnMessageReceived(IPC::Message const&) () at ../../../../qtwebengine-everywhere-src-5.12.2/src/3rdparty/chromium/ipc/ipc_channel_mojo.cc:263 #14 0x00007fffe712dd44 in IPC::internal::MessagePipeReader::Receive(IPC::MessageView) () at ../../../../qtwebengine-everywhere-src-5.12.2/src/3rdparty/chromium/ipc/ipc_message_pipe_reader.cc:107 #15 0x00007fffe713d14c in IPC::mojom::ChannelStubDispatch::Accept(IPC::mojom::Channel*, mojo::Message*) () at ./gen/ipc/ipc.mojom.cc:295 #16 0x00007fffe6ddaaed in mojo::InterfaceEndpointClient::HandleValidatedMessage(mojo::Message*) () at ../../../../qtwebengine-everywhere-src-5.12.2/src/3rdparty/chromium/mojo/public/cpp/bindings/lib/interface_endpoint_client.cc:423 #17 0x00007fffe71336aa in Accept() () at ../../../../qtwebengine-everywhere-src-5.12.2/src/3rdparty/chromium/ipc/ipc_mojo_bootstrap.cc:838 #18 0x00007fffe6dd808a in mojo::Connector::ReadSingleMessage(unsigned int*) () at ../../../../qtwebengine-everywhere-src-5.12.2/src/3rdparty/chromium/mojo/public/cpp/bindings/lib/connector.cc:457 #19 0x00007fffe6dd843c in mojo::Connector::ReadAllAvailableMessages() () at ../../../../qtwebengine-everywhere-src-5.12.2/src/3rdparty/chromium/mojo/public/cpp/bindings/lib/connector.cc:486 #20 0x00007fffe6df3570 in base::RepeatingCallback<void (unsigned int, mojo::HandleSignalsState const&)>::Run(unsigned int, mojo::HandleSignalsState const&) const & () at ../../../../qtwebengine-everywhere-src-5.12.2/src/3rdparty/chromium/base/callback.h:129 #21 0x00007fffe6df3570 in mojo::SimpleWatcher::OnHandleReady(int, unsigned int, mojo::HandleSignalsState const&) () at ../../../../qtwebengine-everywhere-src-5.12.2/src/3rdparty/chromium/mojo/public/cpp/system/simple_watcher.cc:273 #22 0x00007fffe6ac10e0 in base::OnceCallback<void ()>::Run() && () at ../../../../qtwebengine-everywhere-src-5.12.2/src/3rdparty/chromium/base/callback.h:99 #23 0x00007fffe6ac10e0 in base::debug::TaskAnnotator::RunTask(char const*, base::PendingTask*) () at ./../../../../qtwebengine-everywhere-src-5.12.2/src/3rdparty/chromium/base/debug/task_annotator.cc:101 #24 0x00007fffe6ae0409 in base::MessageLoop::RunTask(base::PendingTask*) () at ./../../../../qtwebengine-everywhere-src-5.12.2/src/3rdparty/chromium/base/message_loop/message_loop.cc:421 #25 0x00007fffe6ae1234 in base::MessageLoop::DeferOrRunPendingTask(base::PendingTask) () at ./../../../../qtwebengine-everywhere-src-5.12.2/src/3rdparty/chromium/base/message_loop/message_loop.cc:432 #26 0x00007fffe6ae1668 in base::MessageLoop::DoWork() () at ./../../../../qtwebengine-everywhere-src-5.12.2/src/3rdparty/chromium/base/message_loop/message_loop.cc:480 #27 0x00007fffe6b6dd22 in base::MessagePumpLibevent::Run(base::MessagePump::Delegate*) () at ./../../../../qtwebengine-everywhere-src-5.12.2/src/3rdparty/chromium/base/message_loop/message_pump_libevent.cc:210 #28 0x00007fffe6b03e6b in base::RunLoop::Run() () at ./../../../../qtwebengine-everywhere-src-5.12.2/src/3rdparty/chromium/base/run_loop.cc:102 #29 0x00007fffe6b03e6b in base::RunLoop::Run() () at ./../../../../qtwebengine-everywhere-src-5.12.2/src/3rdparty/chromium/base/run_loop.cc:85 #30 0x00007fffe64b6fe4 in content::BrowserProcessSubThread::IOThreadRun(base::RunLoop*) () at ../../../../qtwebengine-everywhere-src-5.12.2/src/3rdparty/chromium/content/browser/browser_process_sub_thread.cc:178 #31 0x00007fffe6b39608 in base::Thread::ThreadMain() () at ./../../../../qtwebengine-everywhere-src-5.12.2/src/3rdparty/chromium/base/threading/thread.cc:337 #32 0x00007fffe6b6a1a1 in ThreadFunc() () at ./../../../../qtwebengine-everywhere-src-5.12.2/src/3rdparty/chromium/base/threading/platform_thread_posix.cc:76 --Type <RET> for more, q to quit, c to continue without paging-- #33 0x00007ffff7f5fa9d in start_thread () at /usr/lib/libpthread.so.0 #34 0x00007ffff7e8fb23 in clone () at /usr/lib/libc.so.6
The easiest way I've found to reproduce this is:
- Patch simplebrowser to add menu entries to change the UA:
diff --git a/examples/webenginewidgets/simplebrowser/browserwindow.cpp b/examples/webenginewidgets/simplebrowser/browserwindow.cpp index 5d00cd19..91e31eb1 100644 --- a/examples/webenginewidgets/simplebrowser/browserwindow.cpp +++ b/examples/webenginewidgets/simplebrowser/browserwindow.cpp @@ -210,6 +210,16 @@ QMenu *BrowserWindow::createEditMenu() currentTab()->findText(m_lastSearch, QWebEnginePage::FindBackward); }); + QAction *userAgentAction = editMenu->addAction(tr("UA 1")); + connect(userAgentAction, &QAction::triggered, [this]() { + m_profile->setHttpUserAgent("UA 1"); + }); + + QAction *userAgentAction2 = editMenu->addAction(tr("UA 2")); + connect(userAgentAction2, &QAction::triggered, [this]() { + m_profile->setHttpUserAgent("UA 2"); + }); + return editMenu; }
- Load www.cultofmac.com
- Click the menu entry to change the UA
- Reload
- If there's no crash yet, click the second menu entry and reload again
The segfault seems to go away when disabling DNS prefetching:
diff --git a/examples/webenginewidgets/simplebrowser/main.cpp b/examples/webenginewidgets/simplebrowser/main.cpp index 7b77a4bd..8cf2c16d 100644 --- a/examples/webenginewidgets/simplebrowser/main.cpp +++ b/examples/webenginewidgets/simplebrowser/main.cpp @@ -75,7 +75,7 @@ int main(int argc, char **argv) app.setWindowIcon(QIcon(QStringLiteral(":AppLogoColor.png"))); QWebEngineSettings::defaultSettings()->setAttribute(QWebEngineSettings::PluginsEnabled, true); - QWebEngineSettings::defaultSettings()->setAttribute(QWebEngineSettings::DnsPrefetchEnabled, true); + // QWebEngineSettings::defaultSettings()->setAttribute(QWebEngineSettings::DnsPrefetchEnabled, true); QWebEngineProfile::defaultProfile()->setUseForGlobalCertificateVerification(); QUrl url = commandLineUrlArgument();
however, the assertion failure happens with DNS prefetching disabled as well. According to some reporters, it happens with 5.12.1 but didn't with .0.
Upstream issues: